Password Protected

Release Date: 22-02-2013 Status: A new version of Password Protected has been released 

Description: Input passed via the "redirect_to" parameter when logging in is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Info

Wpsecure.net will have a new design soon.

Wpsecure.net publishes WordPress security info to better help and inform the WordPress community.
We only lists exploits/malware/hacks from plugins & themes hosted on the OFFICIAL www.wordpress.org site.